Security Tools
Project Description
SNAPSHOT
As public safety adopts emerging technologies for wireless communication, the potential for security vulnerabilities increases just as computer network vulnerabilities have increased with the development of the Internet. To protect public safety communication and information systems, the security implications of new technologies must be broadly understood.
BACKGROUND
Security is an important component of P25, and while many security researchers work with theoretical vulnerabilities, on behalf of the DHS/OIC, PSCR is developing practical security tools for P25 radio systems. For example, one could read the P25 standards and come to the conclusion that P25 radios are vulnerable to unauthorized inhibit commands. However, until such an attack is attempted, this vulnerability remains purely theoretical.
AN INNOVATIVE APPROACH
PSCR is particularly well-equipped to develop practical security tools for radio systems. PSCR is:
Demonstrating vulnerabilities that have never been implemented in practice
Working with the TIA to address security concerns
Developing tools that can be used by manufacturers, researchers, and users to test the security of their systems
Developing a P25 Common Air Interface monitor, an essential tool for future security research, and for testing the security of deployed systems
VALUE TO PUBLIC SAFETY
To make appropriate deployment decisions, users need complete information about security strengths and weaknesses. The strength of digital radio and P25 is that many security concerns can be mitigated. PSCR, with DHS/OIC, will fulfill several important functions for the public safety community.
Security Information: Provide a central point for both collection and dissemination of security information
Awareness: Promote awareness of P25 security strengths and weaknesses among the standards, manufacturing, and user communities
Mitigation: Document each known security vulnerability, consider mitigation options for each vulnerability, and document mitigation decisions (even a decision not to mitigate a particular vulnerability) within TIA
RESULTS
Though the PSCR program’s P25 security work is in the early stages, significant progress has been made.
An initial enumeration of wireless communication security needs for public safety is included in the Public Safety Statement of Requirements.
Considerable work has been done to develop security assessments specifically for P25.
The SAFECOM Executive Committee and the P25 Steering Committee have been briefed on security concerns and are aware of the needed next steps.
A growing awareness of security issues is apparent throughout the public safety community, standards development organizations, technology developers, and the public.
. . .
Right-click Security Tools to save or download this one-page project summary PDF file.
For more information, contact: Andrew Thiessen.